Re: [mailop] TLS verify=FAIL

2016-04-14 Thread Franck Martin via mailop
Client certificates in emails are not rare; on the contrary, they are predominant. The proportion of verifiable client certificates is about the same as the proportion of verifiable server certificates. I think there are a few MTAs that have different config for certificate presented as a client vs

Re: [mailop] TLS verify=FAIL

2016-04-14 Thread Al Iverson
Thanks for that. :) -- Al Iverson www.aliverson.com (312)725-0130 On Thu, Apr 14, 2016 at 3:02 AM, Steve Freegard wrote: > > On 14/04/16 00:58, Al Iverson via mailop.org wrote: >> >> Boo @ designing something so that "FAIL is really nothing is to be >> concerned with." >> >> It's the kind of th

Re: [mailop] TLS verify=FAIL

2016-04-14 Thread Steve Freegard
On 14/04/16 01:19, Franck Martin via mailop wrote: Have a look at https://tools.ietf.org/html/draft-martin-authentication-results-tls-03 maybe jump to the example... I did not pursue, but many MTA clients are sending the certificates, meant for receiving email to the server they are connec

Re: [mailop] TLS verify=FAIL

2016-04-14 Thread Steve Freegard
On 14/04/16 00:58, Al Iverson via mailop.org wrote: Boo @ designing something so that "FAIL is really nothing is to be concerned with." It's the kind of thing deliverability people will now be spending the rest of their lives explaining to clients that this big ole FAIL is to be ignored. Agr

Re: [mailop] TLS verify=FAIL

2016-04-13 Thread Carl Byington
On Wed, 2016-04-13 at 17:19 -0700, Franck Martin via mailop wrote: > You can verify that the certificate is trusted (based on your list of > trusted CAs), but there is no good method to do hostname > verification. Maybe an FCrDNS would allow you to

Re: [mailop] TLS verify=FAIL

2016-04-13 Thread Franck Martin via mailop
Have a look at https://tools.ietf.org/html/draft-martin-authentication-results-tls-03 maybe jump to the example... I did not pursue, but many MTA clients are sending the certificates, meant for receiving email to the server they are connecting to. You can verify that the certificate is trusted

Re: [mailop] TLS verify=FAIL

2016-04-13 Thread Al Iverson
Boo @ designing something so that "FAIL is really nothing is to be concerned with." It's the kind of thing deliverability people will now be spending the rest of their lives explaining to clients that this big ole FAIL is to be ignored. -- Al Iverson www.aliverson.com (312)725-0130 On Wed, Apr

Re: [mailop] TLS verify=FAIL

2016-04-13 Thread Steve Freegard
Hi Robert, I'm one of the developers of Haraka. verify=FAIL simply means that the TLS certificate presented by the peer host could not be verified as trusted by a CA. In the case of an MUA (which this appears to be), it would be normal as an MUA does not usually present client TLS certificates

Re: [mailop] TLS verify=FAIL

2016-04-13 Thread Brandon Long via mailop
If the server is saying your client connection is verify=FAIL/NO, I would imagine that means either you have a client certificate that doesn't verify, or you don't have a client certificate and the remote server is being pedantic about it. Brandon On Wed, Apr 13, 2016 at 2:56 PM, Robert Guthrie wrot

[mailop] TLS verify=FAIL

2016-04-13 Thread Robert Guthrie
Hello List, I wonder if someone could tell me about the verify=FAIL messages I'm seeing in email headers sent from my SMTPs. Received: from loomio.io (errbit.loomio.org [45.55.128.240]) by smtp.loomio.io (Haraka/2.8.0-alpha.7) with ESMTPSA id 632790F7-CF56-4481-ACBA-2CBACE7EB8BB.1